Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/dbqC1gfl12f35WYp8InH-gV02wk.roa
File: dbqC1gfl12f35WYp8InH-gV02wk.roa (raw, json)
Hash identifier: EkpXoaMa0fy12pzt6OTS/PPrHhuvYU2fIVqKuLxv5vk=
Subject key identifier: 75:BA:82:D6:07:E5:D7:67:F7:E5:66:29:F0:89:C7:FA:05:74:DB:09
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 019A1733D208323EDE5EFDFDAE83716A5620
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/dbqC1gfl12f35WYp8InH-gV02wk.roa
Signing time: Fri 24 Oct 2025 17:11:03 +0000
ROA not before: Fri 24 Oct 2025 17:11:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206150
IP address blocks: 64.43.72.0/24 maxlen: 24
91.200.135.0/24 maxlen: 24
91.224.212.0/24 maxlen: 24
91.232.56.0/24 maxlen: 24
91.232.57.0/24 maxlen: 24
91.234.120.0/24 maxlen: 24
91.234.121.0/24 maxlen: 24
91.238.42.0/23 maxlen: 23
91.238.42.0/24 maxlen: 24
91.238.43.0/24 maxlen: 24
91.245.91.0/24 maxlen: 24
176.103.121.0/24 maxlen: 24
176.115.237.0/24 maxlen: 24
176.115.238.0/24 maxlen: 24
176.115.239.0/24 maxlen: 24
178.213.180.0/24 maxlen: 24
178.213.181.0/24 maxlen: 24
195.80.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 01 Nov 2025 16:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:33:d2:08:32:3e:de:5e:fd:fd:ae:83:71:6a:56:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 24 17:11:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=75ba82d607e5d767f7e56629f089c7fa0574db09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:ce:2f:bf:6b:ec:42:23:55:f1:ee:aa:52:06:
7c:60:47:95:97:f9:2e:89:64:e0:cf:15:18:bf:f7:
cb:32:40:18:2b:a2:41:31:66:6c:1b:73:5c:01:b5:
9c:39:af:10:89:56:36:1e:bc:ec:69:6e:78:a6:3a:
46:f3:9d:24:b8:3f:0c:67:86:1c:33:2a:94:9c:c0:
d0:65:60:e3:c8:ae:c8:46:f8:ec:22:38:a8:ce:b1:
11:2c:b6:a1:52:43:e0:04:d3:42:c8:db:83:58:e4:
c3:45:c2:09:83:38:35:5a:09:6c:64:ec:bc:3e:06:
33:0d:35:75:a6:1f:6c:eb:79:97:87:a6:86:65:b2:
4a:09:6e:7c:ad:bd:7e:fc:2a:d4:c9:44:d9:e9:35:
4d:46:02:54:9f:f5:94:db:0f:7f:1c:fb:bd:67:51:
81:d4:ad:0e:d1:59:ab:ea:0d:6c:31:9f:56:44:37:
e8:a7:0f:59:00:22:8b:be:4c:fb:c4:32:68:94:03:
e9:c7:b7:a6:5d:ec:4f:31:35:4b:16:ab:23:1d:df:
a5:bc:04:ed:12:ec:9a:45:b8:49:bf:05:56:ec:d6:
a1:55:c3:c7:e8:0a:40:c5:db:97:b8:87:83:f2:8c:
b8:24:81:e7:21:ec:52:a3:0d:69:3a:79:94:65:fc:
16:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:BA:82:D6:07:E5:D7:67:F7:E5:66:29:F0:89:C7:FA:05:74:DB:09
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/dbqC1gfl12f35WYp8InH-gV02wk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.43.72.0/24
91.200.135.0/24
91.224.212.0/24
91.232.56.0/23
91.234.120.0/23
91.238.42.0/23
91.245.91.0/24
176.103.121.0/24
176.115.237.0-176.115.239.255
178.213.180.0/23
195.80.143.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:5b:f9:82:7b:86:db:46:00:08:7b:39:97:c7:e7:2c:54:ee:
df:a9:63:1f:98:6f:af:a3:48:e6:cb:4c:09:19:65:a0:57:c4:
e0:09:f3:1d:f6:99:97:03:53:91:0f:1f:f4:dd:46:50:99:68:
a9:65:9b:92:f5:62:41:11:a9:9b:44:40:20:59:c8:eb:fe:97:
68:09:a8:92:d9:29:0e:d4:59:55:00:4f:22:24:57:53:cd:a2:
f8:67:9d:ce:be:e7:da:03:b8:7e:a2:e9:20:67:56:42:e0:50:
ed:33:26:7e:fe:50:ab:88:f3:2d:f5:44:ec:15:82:b6:22:d4:
ee:19:1f:8a:c4:17:3f:67:b8:44:49:b1:27:63:02:df:d8:60:
ba:90:9c:c8:3f:e6:8b:10:a1:90:0f:10:60:e2:d5:7b:80:71:
1a:3b:5c:37:62:36:b8:14:34:8f:20:80:4b:53:b6:fa:00:6e:
a5:4f:29:bb:95:82:16:4b:33:3d:2d:7b:95:34:7f:0f:fa:2e:
b7:79:73:71:17:3d:49:ba:57:11:5e:d0:d5:f3:f8:0f:df:69:
ca:bb:79:4c:9c:14:4b:25:01:ee:59:5d:b5:f0:40:ee:88:fe:
2e:4c:ac:36:66:54:6e:c2:66:e6:00:62:a1:65:17:45:72:54:
ed:b2:44:c4
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZoXM9IIMj7eXv39roNxalYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDI0MTcxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJhODJkNjA3ZTVkNzY3ZjdlNTY2MjlmMDg5YzdmYTA1NzRkYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA284vv2vsQiNV8e6qUgZ8YEeVl/ku
iWTgzxUYv/fLMkAYK6JBMWZsG3NcAbWcOa8QiVY2HrzsaW54pjpG850kuD8MZ4Yc
MyqUnMDQZWDjyK7IRvjsIjiozrERLLahUkPgBNNCyNuDWOTDRcIJgzg1WglsZOy8
PgYzDTV1ph9s63mXh6aGZbJKCW58rb1+/CrUyUTZ6TVNRgJUn/WU2w9/HPu9Z1GB
1K0O0Vmr6g1sMZ9WRDfopw9ZACKLvkz7xDJolAPpx7emXexPMTVLFqsjHd+lvATt
EuyaRbhJvwVW7NahVcPH6ApAxduXuIeD8oy4JIHnIexSow1pOnmUZfwWywIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFHW6gtYH5ddn9+VmKfCJx/oFdNsJMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvZGJxQzFnZmwxMmYzNVdZcDhJbkgtZ1YwMndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAQCtIAwQA
W8iHAwQAW+DUAwQBW+g4AwQBW+p4AwQBW+4qAwQAW/VbAwQAsGd5MAwDBACwc+0D
BASwc+ADBAGy1bQDBADDUI8wDQYJKoZIhvcNAQELBQADggEBAJxb+YJ7httGAAh7
OZfH5yxU7t+pYx+Yb6+jSObLTAkZZaBXxOAJ8x32mZcDU5EPH/TdRlCZaKllm5L1
YkERqZtEQCBZyOv+l2gJqJLZKQ7UWVUATyIkV1PNovhnnc6+59oDuH6i6SBnVkLg
UO0zJn7+UKuI8y31ROwVgrYi1O4ZH4rEFz9nuERJsSdjAt/YYLqQnMg/5osQoZAP
EGDi1XuAcRo7XDdiNrgUNI8ggEtTtvoAbqVPKbuVghZLMz0te5U0fw/6Lrd5c3EX
PUm6VxFe0NXz+A/facq7eUycFEslAe5ZXbXwQO6I/i5MrDZmVG7CZuYAYqFlF0Vy
VO2yRMQ=
-----END CERTIFICATE-----
Generated at Fri Oct 31 23:24:00 2025 by rpki-client